<?php

/**
 * 鉴权类
 */
class Auth {

    static private $_auth = array();
    static private $_auth_config;
    static private $_auth_key = 'auth_';

    /**
     * 写入鉴权相关数据
     */
    static private function _set($key, $value) {

        self::$_auth_config || self::$_auth_config = Sys::getCfg('auth');

        $key = self::$_auth_config['prefix'] . self::$_auth_key . $key;

        if (self::$_auth_config['method'] == 'cookie') {
            Cookie::set($key, $value, 1800, null, true);
        } else if (self::$_auth_config['method'] == 'temp') {
            self::$_auth[$key] = $value;
        } else {
            Session::set($key, $value);
        }
    }

    /**
     * 读取鉴权相关数据
     */
    static private function _get($key) {

        self::$_auth_config || self::$_auth_config = Sys::getCfg('auth');

        $key = self::$_auth_config['prefix'] . self::$_auth_key . $key;

        if (self::$_auth_config['method'] == 'cookie') {
            return Cookie::get($key, true);
        } else if (self::$_auth_config['method'] == 'temp') {
            return isset(self::$_auth[$key]) ? self::$_auth[$key] : null;
        } else {
            return Session::get($key);
        }
    }

    /**
     * 移除鉴权相关数据
     */
    static private function _remove($key) {

        self::$_auth_config || self::$_auth_config = Sys::getCfg('auth');

        $key = self::$_auth_config['prefix'] . self::$_auth_key . $key;

        if (self::$_auth_config['method'] == 'cookie') {
            Cookie::remove($key);
        } else if (self::$_auth_config['method'] == 'temp') {
            if (isset(self::$_auth[$key])) {
                unset(self::$_auth[$key]);
            }
        } else {
            Session::remove($key);
        }
    }

    /**
     * 解析token，获取token内存储的数据
     * 
     * @return array
     */
    static public function decodeToken($token, $utype = 'user') {

        self::$_auth_config || self::$_auth_config = Sys::getCfg('auth');

        return decode_token($token, $utype, self::$_auth_config['prefix']);
    }

    /**
     * 登录，获取token
     */
    static public function Login($uid, $utype = 'user', $refresh_token = false, $token_expire = 1440) {
        self::_set('uid', MEncode($uid));
        self::_set('utype', $utype);
        self::_set('uvalue', MEncode("{$utype}_{$uid}"));
        if ($refresh_token || !$token = read_token($uid, $utype, self::$_auth_config['prefix'])) {
            $token = refresh_token($uid, $utype, self::$_auth_config['prefix'], $token_expire); // token 有效期1小时
        }
        return $token;
    }

    /**
     * 退出登录
     */
    static public function Logout() {
        self::_remove('uid');
        self::_remove('utype');
        self::_remove('uvalue');
        remove_token(self::_get('uid'), self::_get('utype'), self::$_auth_config['prefix']);
    }

    /**
     * 鉴权，如果没有授权则带来源地址跳转到登录页
     */
    static public function checkAuthed($utype = 'user', $redirect = '') {

        if (self::_get('utype') == $utype) {
            $uid = MDecode(self::_get('uid'));
            $uvalue = self::_get('uvalue');

            if ("{$utype}_{$uid}" == MDecode($uvalue)) {
                self::Login($uid, $utype);
                return;
            }
        }

        self::Logout();

        if (strpos($redirect, '/login') !== false) {
            $redirect = '';
        }

        $url = Sys::url('login', 'index', array('redirect' => $redirect));

        echo '<script type="text/javascript">location.replace("' . $url . '")</script>';
        exit(0);
    }

    /**
     * 是否已授权
     */
    static public function isAuthed($utype = 'user') {
        if (self::_get('utype') == $utype) {
            $uid = MDecode(self::_get('uid'));
            $uvalue = self::_get('uvalue');

            if ("{$utype}_{$uid}" == MDecode($uvalue)) {
                self::Login($uid, $utype);
                return true;
            }
        }

        return false;
    }

    /**
     * 获取已授权用户ID
     */
    static public function getAuthedUid($utype = 'user') {
        if (self::_get('utype') == $utype) {
            $uid = MDecode(self::_get('uid'));
            $uvalue = self::_get('uvalue');

            if ("{$utype}_{$uid}" == MDecode($uvalue)) {
                return MDecode(self::_get('uid'));
            }
        }
        return null;
    }

}
